Do they have a Zero Knowledge policy or anything close to it, though? It doesn't matter if they don't make money from it, if they still collect all the data.
I don't know how a service that's meant to cache data is supposed to be "zero knowledge", but hopefully they can do something about that - until it's too late and authorities already have a 1,000 requests lined up for their data.
There was an article[1] from a few years ago about Cloudflare's infrastructure and from the sounds of it they can't link customers to data. Data does exists because that's the nature of a cache, but its defined with an undefined timestamp and is purged regularly in order to have enough disk space.
>Unlike most database applications, the cache stored at each CloudFlare facility has an undefined expiration date—and because of the nature of those facilities, it isn't a simple matter to add more storage. To keep the utilization level of installed storage high, the cache system simply purges older cache data when it needs to store new content.
>The downside of the hash-based cache's simplicity is that it has no built-in logging system to track content. CloudFlare can't tell customers which data centers have copies of which content they've posted. "A customer will ask me, 'Tell me all of the files you have in cache,'" Prince said. "For us, all we know is there are a whole bunch of hashes sitting on a disk somewhere—we don't keep track of which object belongs to what site."
It's not just supposed to cache data (though it probably makes sense for most static data), it can also act as a firewall for your dynamic data, improving response times and preventing DDoS.
I don't know how a service that's meant to cache data is supposed to be "zero knowledge", but hopefully they can do something about that - until it's too late and authorities already have a 1,000 requests lined up for their data.